Message Boards
Getting Redirected to Login portlet when accessing /image
Getting Redirected to Login portlet when accessing /image
New Member Posts: 6 Join Date: 2/1/21 Recent PostsHi,
We recently received a Vulnerability that is as below (Liferay 6.2 EE)
When we manupulate custom login portlet URL. https://www.mycustomlogin/login to https://www.mycustomlogin/image I get redirected to the Liferay Login portlet which exposes the full URL (https://www.mycustomlogin/inicio?p_p_state=maximized&p_p_mode=view&saveLastPath=false&_58_struts_action=%2Flogin%2Flogin&p_p_id=58&p_p_lifecycle=0&_58_redirect=%2Fimage)
and after this URL can be modified to get access to search portlet(p_p_id=3). can you help us with the way to change this behavious as we do not want to expose our control panel login and search portlet.
I am new to liferay but i tried introducing a custom filter but it looks request is getting intercepted before request is received by my filter.
Thanks in Advance.
RE: Getting Redirected to Login portlet when accessing /image (Answer)
New Member Post: 1 Join Date: 2/3/21 Recent PostsYou may restrict url at web server level. (httpd.conf )
RE: RE: Getting Redirected to Login portlet when accessing /image
New Member Posts: 6 Join Date: 2/1/21 Recent PostsThanks Manish, this is what we did to get the work done.
RE: Getting Redirected to Login portlet when accessing /image
New Member Posts: 6 Join Date: 2/1/21 Recent PostsThanks for the help, this is what we did and got it blocked from web server.
RE: Getting Redirected to Login portlet when accessing /image
Liferay Master Posts: 529 Join Date: 10/21/10 Recent PostsIf it's an EE version, you can open a support ticket ask whether a security fix is avaliable for your problem.